Splunk® Universal Forwarder

Splunk Remote Upgrader for Linux Universal Forwarders

Distribute universal forwarder update packages to universal forwarders

You can distribute the target universal forwarder packages with or without the deployment server.

Distribute the universal forwarder package using the deployment server

On the machine running the deployment server, download the universal forwarder package and insert it into the remote upgrader in order to distribute it to remote universal forwarders.

  1. Download the target universal forwarder package from splunk.com with the corresponding .sig files by going to More > "Download x509 Signature" for each universal forwarder package. The .sig file is available for all 9.0.0+ universal forwarders. If you have previously downloaded your universal forwarder, you must download them again along with their associated .sig file. Otherwise the universal forwarder upgrade may fail.
  2. Untar the remote upgrader 
    tar xf splunk-upgrader-100.tgz
  3. Create a directory in the remote upgrader and insert the universal forwarder package and .sig file to the ./local/packages directory: 
    mkdir -p ./splunk_app_uf_remote_upgrade_linux/local/packages
cp ./splunkforwarder-9.0.5-e9494146ae5c-Linux-x86_64.tgz* ./splunk_app_uf_remote_upgrade_linux/local/packages/
  4. Copy the upgrader to the deployment server's ./etc/manager-apps/ directory to distribute it 
    cp -r ./splunk_app_uf_remote_upgrade_linux/ /opt/splunk/etc/manager-apps/
  5. Deploy this configuration to your remote universal forwarders. The remote upgrader delivery script will work with the remote upgrader to upgrade the universal forwarder automatically. For more information about deploying configurations using the deployment server, see https://docs.splunk.com/Documentation/Splunk/9.4.0/Updating/Createdeploymentapps.

Distribute the universal forwarder upgrader package without the deployment server

Once you install the universal forwarder remote upgrader on the Linux box, the directory /tmp/SPLUNK_UPDATER_MONITORED_DIR is created, which receives the universal forwarder packages.

To distribute the universal forwarder package without the deployment server, put the following files into this directory:

  • Splunkforwarder-9.4.0-6b4ebe426ca6-linux-amd64.tgz
  • Splunkforwarder-9.4.0-6b4ebe426ca6-linux-amd64.tgz.sig

If the universal forwarder package is distributed manually, create a trigger file start_uf_upgrade in the directory /tmp/SPLUNK_UPDATER_MONITORED_DIR to trigger the upgrade: 

touch /tmp/SPLUNK_UPDATER_MONITORED_DIR/start_uf_upgrade

.

Last modified on 01 April, 2025
Remotely upgrade your universal forwarders   Configure the remote upgrader for Linux universal forwarders to automatically upgrade

This documentation applies to the following versions of Splunk® Universal Forwarder: 1.0.0, 1.0.1, 8.2.11, 8.2.12, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.4.0, 9.4.1

Acrobat logo Download manual
Acrobat logo Download this page

Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters